Identity Theft Information for Michigan Consumers
The Attorney General provides Consumer Alerts to inform the public of unfair, misleading, or deceptive business practices, and to provide information and guidance on other issues of concern. Consumer Alerts are not legal advice, legal authority, or a binding legal opinion from the Department of Attorney General.
Identity Theft Information
for Michigan Consumers
The Attorney General's Office urges consumers to continue to guard their personal information. Measures outlined in this alert can help protect consumers, but some types of identity theft ("ID theft") are very difficult to combat. For example, a medical identity thief might try to use your identifying information to obtain medical goods or services or file false reimbursement claims. While medical and other non-credit types of ID theft may not be preventable by security freezes and fraud alerts, consumers can reduce their risk by limiting disclosure of their personal information.
In addition, consumers remain entitled to receive free credit reports annually from each of the national consumer reporting companies. Reviewing your credit reports for phony accounts and bogus debts is one of the best tools consumers have to combat ID theft. The Attorney General advises all consumers to review their credit reports regularly. See the "Free Annual Credit Reports - What Consumers Should Know" alert for detailed information.
ID Theft victims and consumers who want to take even stronger precautions to protect their information should consider requesting a "security freeze" to block access to their credit files. This option is relatively new in Michigan and is the subject of a consumer alert, "Security Freeze Information for Michigan Consumers."
All three major national consumer reporting companies now offer security freezes. A security freeze blocks access to your credit report by third parties without your express authorization. There are limited exceptions for your existing creditors, collection agencies, and law enforcement agencies that are authorized by law or acting under administrative orders, subpoenas, or search warrants. Security freezes are discussed in more detail in the Attorney General's alert, "Security Freeze Information for Michigan Consumers."
Advertising for various types of services claimed to offer protection against ID theft has become increasingly common. The Attorney General's Office does not endorse any commercial offers and recommends that consumers carefully: 1) read the fine print to understand exactly what is (and is not) being offered and how much it will cost; then 2) determine whether the service provides enough additional protection, compared to services offered elsewhere for little or no charge, to be worth the investment.
For more information concerning security freezes, fraud alerts, and other steps consumers can take, you may wish to consult other sources, such as the Federal Trade Commission's website devoted entirely to the detection, prevention, and resolution of identity theft, which may be found here: http://www.ftc.gov/bcp/edu/microsites/idtheft/
The Attorney General's Health Care Fraud Division investigates and prosecutes cases involving physical or financial abuse or neglect of elderly and other vulnerable adults living in resident care facilities, including cases of ID theft. (See the Attorney General's "Abuse Alert" on ID Theft for more information.)
Victims and caregivers of victims who live in residential care facilities, including assisted-living facilities, should directly contact the Attorney General's 24-hour Health Care Fraud Hotline at 1-800-24-ABUSE / 1-800-242-2873.
ID Theft is the wrongful use of YOUR personal information - such as your name, social security number, or credit card number - without your permission by another person to commit fraudulent or criminal acts. ID thieves take out phony loans or ring up bogus charges in your name. Some consumers have even experienced criminal convictions in their names from the criminal acts of ID thieves.
The inability to gain access to credit and the disruption of daily life can be devastating. Victims of ID theft often have trouble getting new credit cards or loans because of the damage to their credit ratings, and the time and emotional toll consumers pay when trying to reverse the effects of ID theft can be heavy.
ID theft is a silent crime. Experienced ID thieves may use your identifying information for months or years while you remain unaware. Often, consumers do not learn that they are victims of ID theft until they have been denied credit because of negative entries on their credit reports.
There is good reason for consumers to be concerned - ID theft:
Can strike anyone at any time;
Can destroy a consumer's credit standing;
Can cause adverse employment actions;
Can result in wrongful criminal convictions;
Creates nightmares for citizens trying to restore their good names;
Causes heavy fraud losses to honest businesses and drives up prices to consumers.
ID thieves use your personal information to impersonate you. The information might include your credit card or bank account numbers, your social security number, your date of birth, your mother's maiden name, your driver's license or state ID number, your e-mail address, account passwords, and other items that can uniquely identify you.
- Steal wallets and purses containing your personal information, such as social security numbers, driver's license numbers, credit and debit card information, and checking account numbers;
- Steal your mail - financial statements, utility bills, medical correspondence, pre-approved credit offers, social security checks, and tax documents all contain personal information useful to ID thieves;
- Submit a change-of-address form with the US Postal Service to divert your mail to another location;
- Rummage through household or business trash containers. For professional "dumpster divers," trash containers are gold mines of valuable personal information;
- Fraudulently obtain your credit report by posing as a landlord, bank, employer, or someone else who may have a legitimate need to review your report;
- Find personal information you have left in a place accessible to the public, such as a store or unlocked car;
- Get hold of the personal information you share on the Internet;
- Obtain your personal information from an insider - for example, a store or bank employee;
- Telephone spoofing - program a familiar phone number to appear on your caller identification screen to con you into releasing information over the telephone;
- Attach viruses in e-mails containing key-logging software that sends detailed logs of all the information typed into your computer.
- They open a new credit card account, using your name, date of birth, and social security number. When they use the credit card and don't pay the bills, the delinquent account is reported on your credit report;
- They establish telephone or other utility services in your name;
- They open a bank account in your name and write bad checks on that account;
- They take out loans or obtain credit in your name;
- They counterfeit checks or debit cards, and drain your bank account;
- They file for bankruptcy under your name to avoid paying debts they've incurred (also under your name) or to avoid eviction;
- They commit crimes in your name, possibly leading to a wrongful criminal record in your name.
They use your information to obtain medical services, possibly causing inaccurate information being associated with your medical records.
Don't disclose your social security number, your date of birth, your mother's maiden name, your driver's license or state ID number, your e-mail address, account numbers, credit card numbers, or other personal information unless you know who you're giving it to and for what purpose. For example:
If a retailer asks to record your social security number or driver's license number on your check, ask why, and consider paying with cash instead of by check;
Ask how a prospective employer will handle the personal information on your application;
Be aware that identity thieves may call you posing as representatives of banks or governmental workers, contact you with bogus e-mail offers with links to phony websites, or send you sweepstakes offers in the mail - all in an effort to trick you into revealing your personal information.
Never give out your SSN, account number, or other identifying information to someone who calls you and demands your personal information. If in doubt, find the telephone number of the government office, credit card company, or other business independently - from your monthly account statement or telephone directory - and say you'll call back. If the caller resists your request, hang up.
Carefully - and promptly - review records, especially your credit card, bank, and mortgage statements, for unauthorized charges or fraudulent use. In addition, scrutinize your local, long distance, cellular, and other utility bills each month. Report, in writing, any unauthorized uses.
Shred or destroy all mail and other documents containing your personal information - credit receipts, bank statements, medical documents, utility bills, pre-approved credit offers, etc. - before discarding them in order to prevent "dumpster divers" from fishing your valuable personal information out of the trash.
Keep sensitive documents in a safe and secure place at home, especially if you have roommates, employ outside help, or are having service work done in your home.
Cancel all credit cards that you do not use. These account numbers are listed on your credit report and may be stolen by ID thieves.
Don't use insecure mailboxes. Never mail personal checks from an unlocked mailbox and make sure your sensitive mail is delivered to a secure mailbox or PO Box at your local post office.
To stop receiving pre-approved credit card offers in the mail, call 1-888-5-OPTOUT
- Register with the Federal Trade Commission's (FTC) national do-not-call program to reduce your telemarketing calls. Michigan consumers who have access to an e-mail address are able to sign up, at no cost, on the national registry online at www.donotcall.gov. The toll-free number to call for registration is 1-888-382-1222.
- Other types of information-sharing that consumers may request businesses to block are listed on the World Privacy Forum's "Top Ten Opt-Out" web page.
- Tell banks, insurers, and other financial institutions not to share your customer information. Under federal law, they are required to honor your request. However, the law does not prevent these institutions from sharing your information with sister companies, subsidiaries, or companies with whom they have a "joint marketing agreement."
- Limit the information printed on your personal checks - your middle name, phone number, SSN, and driver's license number; and if you have an established account, even your address can be left off your checks when you order new checks from your financial institution.
- Keep a secure master list or photocopies of all important identification and account numbers - driver's license, social security card, credit cards, bank and utility account numbers, expiration dates, and the phone numbers of the customer service fraud departments of your card issuers. Keep this list in a safe, accessible place, such as a safe or safe deposit box - and not your purse, wallet, or car - so that you can respond quickly in case your identification is lost or stolen. You may wish to use the Attorney General's Master List of Financial & Identification Information.
- Memorize all your passwords or keep them in a very safe location, such as a safe deposit box. Don't record them on anything you carry with you in your purse, wallet, or car. Never keep passwords or PINs near cards or documents identifying the account they belong to, unless the information is stored in a safe deposit box or other very secure place.
- Order a copy of your free credit report from each of the three major credit-reporting agencies every year. Make sure it is accurate and includes only those activities you've authorized. Ongoing monitoring of your credit report is possible if you order one report from a different company every four months.
The Attorney General's Office recommends that consumers review the detailed consumer alert "Free Annual Credit Reports - What Consumers Should Know." As explained in the alert, consumers have a right to order free copies of their credit reports from credit bureaus. The three major consumer reporting companies - Equifax, Experian, and TransUnion - have established a single, centralized service for consumers to use when ordering free credit reports prepared by these three companies. Do not attempt to order your free annual credit report directly from the consumer reporting companies!
The Attorney General's Office recommends either mailing the completed "Annual Credit Report Request Form" or calling, toll-free, 1-877-322-8228.
While the quickest method for obtaining your reports is to order them online through the website www.annualcreditreport.com, which is run collectively by the three consumer reporting companies, consumers must be cautious when ordering online. (The Attorney General's consumer alert on Free Annual Credit Reports explains concerns consumers should be aware of when ordering online.) Additionally, advertising for a "free" credit report that directs consumers to a source other than www.annualcreditreport.com or the centralized toll-free number (877-322-8228) is not really for a free report but instead (in the fine print) requires a purchase in order to receive the "free" service.
The FTC is an excellent source of national information for all consumers concerned about ID theft. It is strongly recommended that victims of ID theft immediately visit the FTC's web page for ID theft victims, "Defend: Recover From Identity Theft."
ID theft victims should:
1. Place a fraud alert on your credit reports, and review your credit reports.
- Contact one of the three major consumer reporting companies using the toll-free number provided at the end of this alert and ask for a "fraud alert" to be placed on your file and request that no new credit be granted without your express, personal approval. (It is not necessary to request a fraud alert from each consumer reporting company, as they are required by law to inform each other of fraud alert requests.)
- Ask how long your account will be flagged with a fraud alert. Record the expiration date of the fraud alert, and call back as this date approaches if you wish the alert to remain on your file.
o There are two main types of Fraud Alerts:
Initial Alert - this fraud alert will stay on your credit report for at least 90 days. Even if you have already received your three free credit reports for the year, by placing a fraud alert you are entitled to one free credit report from each of the three agencies.
Extended Alert - this fraud alert stays on your credit report for 7 years. This type of alert will only be approved if a police report indicating that you are a victim of ID Theft can be provided to the credit bureau. When you place an extended alert, you are entitled to two free credit reports within a 12-month period from each of the three nationwide consumer reporting companies. Additionally, your name will be removed from marketing lists for pre-screened offers for five years unless you ask for your name to be placed back on it sooner.
- To place either of these alerts you will need to provide proof of identity, which will likely include your social security number, name, address, date of birth, and last known address for 5 years. To remove either alert, this information, as well as a copy of an identity theft report, will be required.
- It is also recommended that each ID Theft victim request that a victim statement be included within their credit report so that future and existing creditors know to call you before they either open or change any accounts.
- If after reviewing your credit reports you find fraudulent information, then it is up to you to send a letter to the relevant consumer reporting company informing them of precisely what information is fraudulent and asking them to block fraudulent information. The FTC's sample "Blocking Letter Consumer Reporting Company" letter is a good guide.
- Upon receipt of this letter the consumer reporting company has four (4) business days to block the fraudulent information from appearing on your credit report.
- It is however not the consumer reporting company's responsibility to contact the information provider; i.e. the bank or company responsible for the fraudulent charge, therefore it is important to also contact the source to get any unauthorized charges straightened out.
- Close the accounts that you know, or believe, have been tampered with or opened fraudulently. Call and speak with someone in the security or fraud department of each company.
When contacting the security/fraud department of a creditor, make sure it is within the first 60 days after the first bill containing the error was mailed to you. Additionally, make sure that this (telephone) contact is followed up with a certified letter with return receipt requested. This will become your proof of the date the creditor received formal notification of the discrepancy should a notification issue arise. In the event the thief has changed the address on your account and as a result you haven't received the actual bill, you are still responsible for contacting this creditor within the 60-day time period to reduce your liability.
The Fair Credit Billing Act has established measures pertaining to billing errors and discrepancies, including fraudulent charges on your account. Specifically, the law limits a consumer's liability for unauthorized charges to $50 per card if reported within the 60-day period after the fraudulent charge was committed. A creditor MUST acknowledge your complaint in writing within 30 days after receiving it and additionally they must resolve the dispute in 90 days or less from the day the complaint was received in writing.
Follow up your phone contact with a written notice. The Michigan State Police (MSP) have a model Letter to Credit Grantors.
When you open a new account, use new Personal Identification Numbers (PINs) and passwords. Use unique passwords (not your mother's maiden name or social security number) on any new accounts you open.
If the identity thief has made charges or debits on your account, or fraudulently opened accounts, ask the company for the forms to dispute those transactions. If the company does not have special dispute forms, us the FTC's dispute forms:
o "Dispute Letter For Existing Accounts"
o "Dispute Letter for New Accounts"
Contacting other creditors to place them on notice that you are a victim of ID theft is also prudent and the MSP's model "Notification to General Creditor to Flag Account" is a good tool. MSP also offers a model "Letter to Collection Agencies".
- File a complaint with the Federal Trade Commission. You can file a complaint with the FTC using the online complaint form (you access the actual complaint form from the "FTC Complaint Assistant" icon) or call the FTC's ID Theft Hotline, toll-free at 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261.
You will be able to print a completed copy of your electronic complaint. Keep a copy to provide to creditors, consumer reporting company, law enforcement, and other government offices.
The FTC's ID Theft counselors can advise you on the basis of your situation what additional steps you should consider.
Complaints to the FTC are entered on the nation's only central ID Theft database, which is accessible to law enforcement agencies around the nation.
- File a police report with your local police department or the police in the community where the ID Theft took place.
Call you local police department and tell them you want to file an "Identity Theft Report." When you go to your local police department, bring a copy of your completed FTC ID Theft Complaint and Affidavit form. Also take the FTC's "law enforcement cover memorandum." This memorandum explains to law enforcement how important it is to a consumer to obtain a detailed police report.
When you go to local law enforcement to file your complaint, bring with you all relevant documents and be sure to ask for a copy of your report, along with the report number.
Law enforcement agencies may legally seek transaction records related to the theft of your identity under the Identity Theft Protection Act, but it is still advisable to give permission in writing for them to request and receive documents on your behalf. By doing this you can expedite the resolution greatly which can be crucial in preventing future damage.
- Consider requesting a "security freeze." All three consumer reporting companies now offer security freezes to Michigan residents. If you suspect you are a victim of medical ID Theft, you may wish to take additional steps, such as requesting an accounting of disclosures of your medical information. For more information on medical ID theft, visit http://worldprivacyforum.org/2012/04/resource-page-medical-identity-theft/.
- If you are not an ID Theft victim, it will cost you $10.00 for each freeze you place with a consumer reporting company.
- A security freeze prevents third parties from accessing and obtaining your credit report without your express authorization. However, it does not prevent your existing creditors or collection agencies acting on their own behalf from accessing it.
- Additionally, government agencies will also maintain access to your credit report via administrative orders, subpoenas, or search warrants.
- For specific information on how to place a security freeze see the Security Freeze Information for Michigan Consumers" alert.
- If a company insists on pursuing a debt that is obviously the result of identify theft, the Michigan Attorney General's Consumer Protection Division may be able to help you resolve the problem. Please file a complaint with our office. (Contact information for the Consumer Protection Division is listed below.)
- Monitor your bank account and credit card statements, and take advantage of your right to request free annual credit reports.
- Disclose your personal information only when necessary and appropriate. Ask questions - Why is your information being requested? How will it be stored? When and how will it be destroyed? Will it be shared with other parties?
Note - The ability of businesses to place fraud alerts on consumers' credit files is the subject of a federal lawsuit, and the Attorney General advises consumers considering any monitoring service, especially current subscribers, to carefully review any company's terms of service.
Three-Bureau Credit Monitoring
This service, offered by Equifax, Experian, and TransUnion at a monthly cost of $12.95 (or more), sends e-mail alerts to subscribers when new accounts, inquiries, negative information, credit-limit changes, and other items appear on their credit reports and provides ID Theft Insurance coverage. A similar service offered by Debix offers to contact consumers by telephone, rather than e-mail.
Consumers considering subscribing to such services may wish to consider:
- Whether a security freeze, by limiting third party access to your credit reports, would eliminate the need for ongoing monitoring;
- If you are a victim of ID theft or have been notified that your personal information has been compromised in a security breach, whether you have access to monitoring services at no charge;
- Whether online monitoring of your credit and banking account activity, will provide you with timely information about existing accounts;
- Whether, given the availability of free credit reports and the delay that occurs before a fraudulent account appears in your credit reports, the service enables you to quickly respond to the unauthorized use of your information;
- Whether a three-credit bureau credit monitoring plan will protect against the use of your information if it is linked or comingled with the information of another person or other data that do not pertain to you.
A fraud-detection plan goes beyond credit monitoring and fraud-alert services by checking other "public" records, such as criminal records, official filings regarding real estate transactions, employment records associated with your social security number, as well as some other places your information may appear, which could include chat rooms, and national databases containing credit card applications. According to Consumer Reports, these services range between $96 and $240 per year. Many of the steps included in fraud detection plans can be taken by consumers without charge. Further, fraud detection services do not prevent ID theft and may not catch certain activity, such as medical ID theft and "fragmented" credit files (which are created when a thief combines your social security number with a different name and address to invent a new identity).
ID Theft Insurance
Offers for ID Theft Insurance promising coverage for ID theft-related losses of up to $2,000,000 catch the attention of many consumers. But before subscribing, consumers should consider: what sort of losses the ID theft insurance policy does and does not, cover and what exclusions apply; the cost of the policy and of any other services that must also be purchased; whether protections offered to consumers against fraudulent charges by banks and credit card companies provide adequate protections against liability for fraudulent use of their personal information, and whether businesses who suffer security breaches potentially affecting your information are likely to offer similar services for no charge to their customers. As with any insurance policy, the Attorney General strongly urges consumers to read the "fine print." Insurance policies may contain unpublicized limitations, exclusions, and preconditions to filing claims.These services include:
Michigan ID theft laws include:
- Stronger tools for protecting victims and prosecuting ID thieves:
o Criminal charges may be filed in the jurisdiction where the victim lives;
o A victim has a right to file a police report;
o Courts may impose a $25,000 fine and a consecutive sentence of up to 5 years commencing after the sentence on an underlying fraud crime has been served;
o The statute of limitations for prosecuting criminals is extended to 6 years after the ID theft or after the identification of the ID thief.
- The Identity Theft Protection Act, MCL 445.61 et seq, protects a broad range of "personal identifying information" - information that can be used to specifically identify an individual. This act also expanded the definition of "identity theft." In Michigan, the crime of ID theft now includes the fraudulent use - or the attempted use - of personal identifying information of another person to commit an illegal act. Personal information remains protected under this Act even after the person dies, so that criminals attempting to misuse information of a deceased person can be punished under this new law.
- While ID Theft is a crime, consumers also have new civil protections. Section 11 of the Identity Theft Protection Act makes certain practices illegal in trade or commerce, and civil penalties and private remedies are available in addition to criminal penalties for some knowing violations. Some of these new protections are:
o Lenders must take reasonable steps to verify a consumer's identity before extending credit;
o Lenders generally may not extend unsolicited credit to consumers;
o Consumers cannot be denied credit or utility service merely because they are ID theft victims; police reports, affidavits may be submitted to establish victim status;
o Consumers can bring private actions - violations of section 11 of the Identity Theft Protection Act are violations of the Michigan Consumer Protection Act. See section 3(jj) of the Consumer Protection Act, MCL 445.903(jj).
- The Social Security Number Privacy Act, MCL 445.81 et seq, and amendments to the Consumer Protection Act introduced a variety of measures to protect the privacy and security of SSNs.
o Subject to certain exceptions, the Social Security Number Privacy Act prohibits the public display of more than four sequential digits of a consumer's SSN, encourages the creation of privacy policies describing the use and disposal of SSN information, and limits the printing of SSNs on health care cards, student IDs, and other cards, badges, or licenses. There are criminal penalties for knowing violations of laws protecting SSNs, as well as private remedies for victims.
o Subject to certain exceptions, the Michigan Consumer Protection Act now:
o limits a company's right to require customers to disclose their SSNs as a condition of doing business. MCL 445.903(hh); and
o requires truncation of credit card numbers. Generally, a merchant may not issue a receipt that displays any part of a debit or credit card's expiration date or more than the last 4 digits of the consumer's account number (unless the only receipt issued is handwritten, mechanically imprinted, or photocopied). MCL 445.903(ii).
For Reporting Fraud To Consumer Reporting Companies
(Do not use for ordering free annual credit reports.)
Call: 1-800-525-6285; and
Write: P.O. Box 740241, Atlanta, GA 30374-0241
Call: 1-888-EXPERIAN (397-3742); and
Write: P.O. Box 9532, Allen TX 75013
Call: 1-800-680-7289; and
Write: Fraud Victim Assistance Division
P.O. Box 6790, Fullerton, CA 92834-6790
Recent related material from the Attorney General includes:
Protecting Your Personal Information:
An electronic version of the FTC's "Defend: Recover From Identity Theft" and additional publications and articles on a variety of topics related to ID theft are available at the FTC's website:
ID Theft Home Page:
Consumers may also call the FTC's ID Theft Hotline at 1-877-IDTHEFT (1-877-438-4338); TTY: 1-866-653-4261.
Federal Trade Commission - Online ID Theft Complaint Form
Inquiries and complaints may also be directed to the Attorney General's Consumer Protection Division at:
Consumer Protection Division
P.O. Box 30213
Lansing, MI 48909
Toll-free within Michigan: 1-877-765-8388
www.michigan.gov/ag (alerts and online complaint form)